stock-portfolio-aisa

Security checks across malware telemetry and agentic risk

Overview

This is a coherent portfolio-tracking skill, but it stores sensitive portfolio data in a mismatched skill namespace and can permanently delete portfolios without confirmation.

Review before installing if you track sensitive holdings. Use a dedicated AISA API key, avoid overriding AISA_BASE_URL unless you trust the endpoint, and consider changing the storage path to a stock-portfolio-specific directory before relying on it. Only allow delete actions after an explicit user request, because deletion is immediate and not recoverable from this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The code stores portfolio data under `skills/stock-analysis/portfolios.json` while the module documentation says it belongs to the stock-portfolio skill. This mismatch can cause cross-skill data confusion and unintended access by another skill, and it weakens users' ability to understand where sensitive holdings data is being persisted.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill advertises a delete capability for portfolios but does not warn that deletion is destructive or describe safeguards such as confirmation prompts or recovery. In an agent setting, this can lead to accidental loss of user portfolio data if the model invokes deletion from an ambiguous request or without adequate user consent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The `show` command sends the portfolio's ticker list to a remote AIsa/OpenAI-compatible API to obtain prices, but the command usage and help text do not clearly disclose that portfolio contents are transmitted off-host. Even though only tickers are sent, holdings data can still reveal investment interests and may be sensitive in some environments.

Missing User Warnings

Medium
Confidence: 90%
Finding
The delete command permanently removes an entire portfolio immediately, with no confirmation prompt, dry-run, or undo capability. In an agent or CLI context, this increases the risk of accidental or unauthorized destructive actions causing data loss.

VirusTotal

64/64 vendors flagged this skill as clean.
